I'm creating a new Exchange 2010 environment to replace the DeskNow system that my company is using currently. I don't have any experience with Exchange at all. I have the main roles installed and they appear to be working internally. AD is doing its job; I can hook up Outlook 2007 with next to no effort. I can even get to OWA. By all indications I have a working internal mail system (that nobody is using at the moment).
Now I want to be able to exchange mail with the Internets. I've been reading a few books on the subject and everyone says that I don't need an Edge Transport server - but that's as far as they go. They don't tell me how to set up Internet mail exchange without the Edge Transport server, they just go right into how to set one up and how to use it as an SMTP gateway.
So I turn to you. How does mail get to the Internet without the Edge Transport server? What goes in my DMZ? And, if everyone agrees that I need one, can it be a virtual machine or do I need an entirely new server?
You are correct, you don't need an Edge Transport server. Exchange should have already created what you need to communicate with the outside world; it just needs a bit of tweaking.
In the Exchange Management Console, go to Organisation Configuration => Hub Transport, click on the Send Connectors tab and create a new one. Have your ISP's Smart Host information handy so you can put it into this dialog. When asked for an address space, type an asterisk (*).
Exchange will have created a default Receive Connector for you so you can receive emails. You will need to go into the properties of this and, on the Permission Groups tab, check the box for Anonymous Users so you can receive email from the Internet.
On your firewall you should configure port 25 to be port-forwarded to your Exchange server (to receive email), and it's probably not a bad idea to restrict port 25 through the firewall so only your Exchange server can pass traffic on port 25.
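The same two connector changes from this answer, as an added example done in the Exchange Management Shell rather than the console (this is not code from the answer above; the server name and smart host are placeholders), followed by a check that granting Anonymous Users did not turn the connector into an open relay:

```powershell
# Added example, not from the original answer. Placeholders are assumptions:
$Server    = "EXCH01"            # assumed Hub Transport server name
$SmartHost = "smtp.isp.example"  # assumed ISP smart host

# 1. Outbound: a Send Connector with address space "*" that hands all
#    Internet mail to the ISP smart host instead of using DNS MX lookups.
New-SendConnector -Name "Internet via ISP" `
    -Usage Internet `
    -AddressSpaces "*" `
    -SmartHosts $SmartHost `
    -DNSRoutingEnabled $false `
    -SourceTransportServers $Server

# 2. Inbound: add Anonymous Users to the default Receive Connector. The other
#    three groups are the connector's default set; keep them so internal
#    Outlook clients and other Exchange servers can still submit mail.
$RcId = "$Server\Default $Server"
Set-ReceiveConnector -Identity $RcId `
    -PermissionGroups "AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers"

# 3. Check: AnonymousUsers grants submit and accept-any-sender rights, but not
#    ms-Exch-SMTP-Accept-Any-Recipient, which is the right that lets a sender
#    relay to external domains. This should return nothing; if it does return
#    an entry, someone granted relay rights to Anonymous Logon separately.
Get-ADPermission -Identity $RcId |
    Where-Object { $_.User -like "*Anonymous*" -and
                   $_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient" }

# 4. Review the result of both steps.
Get-SendConnector | Format-List Name, AddressSpaces, SmartHosts, DNSRoutingEnabled
Get-ReceiveConnector -Identity $RcId | Format-List Name, Bindings, PermissionGroups
```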
If you are unfamiliar with Internet connectivity / firewalls / Exchange, you may wish to talk to your ISP about them providing some level of SMTP relaying before mail is sent to your network.
You still manage all the internal aspects of the mail system, but you have kind of a big buddy helping with your Internet-facing pieces.
If you wish to put an SMTP forwarding device in your DMZ it can be a VM - generally a Linux or BSD based server that only moves email back and forth between the Internet and your Exchange server. This can limit the direct attacks on your internal server(s). Many companies make appliances that do this as well and combine anti-spam and virus protection - Barracuda Networks for instance (I am sure there are many that do; Barracuda is just one that I personally know of). The argument in favor of using a non-Microsoft product to do this is that you are combining two different vendors' offerings to help, vs just depending on one to do the work.
An Edge Transport server is not needed. You can run Exchange fully on a single hosted server, minus the factors involved regarding performance and availability.
If you're going to run your Exchange build on multiple servers, your Edge server would go in your DMZ over there. You could also put your Outlook Web Access front end in the DMZ, although that brings up questions on routing back to the mailbox stores and Active Directory traffic.
Basically, if you're going to have your Hub Transport and mailbox storage groups on the same machine, then a single-server solution will work fine. You can always add and reconfigure later on.